Daily Summary - 01.03.2019

End-of-Day report

Timeframe: Thursday 28-02-2019 18:00 - Friday 01-03-2019 18:00
Handler: Dimitri Robl
Co-Handler: Stephan Richter

News

Network analysis: Wireshark 3.0 uses Nmap's packet sniffer

The current version 3.0 of the network analysis tool Wireshark uses Nmap's proprietary packet sniffer on Windows. The project also removes old dependencies and supports some 5G protocols.

https://www.golem.de/news/netzwerkanalyse-wireshark-3-0-nutzt-paketsniffer-von-nmap-1903-139730-rss.html


eBay phishing on an eBay page

Fraudsters have managed to place a fake login page on an SSL-secured eBay server. The phishing attempt is hard for users to recognize.

http://heise.de/-4324266


A Case Study in Wagging the Dog: Computer Takeover

Last month, Elad Shamir released a phenomenal, in-depth post on abusing resource-based constrained delegation (RBCD) in Active Directory. One of the big points he discusses is that if the TrustedToAuthForDelegation UserAccountControl flag is not set, the S4U2self process will still work but the resulting TGS is not FORWARDABLE. This resulting service ticket will fail for traditional constrained delegation, but will still work in the S4U2proxy process for resource-based constrained delegation.

https://posts.specterops.io/a-case-study-in-wagging-the-dog-computer-takeover-2bcb7f94c783


Finding Perpetrators behind DDoS Attacks

Reflective Amplification Denial-of-Service attacks continue to be a serious threat. We measured roughly 10,000 attacks per day in a post last year, and the numbers have not gone down since: In the first two months of 2019 our honeypot network already saw [...]

https://sissden.eu/blog/finding-perpetrators-behind-ddos-attacks

Vulnerabilities

PSI GridConnect Telecontrol

This advisory provides mitigation recommendations for a cross-site scripting vulnerability reported in PSI GridConnect's Telecontrol compact DIN rail device.

https://ics-cert.us-cert.gov/advisories/ICSA-19-059-01


Security updates for Friday

Security updates have been issued by Debian (bind9, file, ikiwiki, ldb, openssl1.0, php7.0, uw-imap, and wordpress), Fedora (ansible, file, flatpak, kernel, kernel-headers, and python-django), openSUSE (kernel and systemd), Scientific Linux (java-1.8.0-openjdk and java-11-openjdk), SUSE (openssl-1_1 and webkit2gtk3), and Ubuntu (libgd2).

https://lwn.net/Articles/781083/


IBM Security Bulletin: Information Disclosure Security Vulnerability Affects IBM Sterling B2B Integrator (CVE-2019-4063)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-information-disclosure-security-vulnerability-affects-ibm-sterling-b2b-integrator-cve-2019-4063/


IBM Security Bulletin: Financial Transaction Manager for ACH Services is affected by a potential SQL Injection vulnerability (CVE-2019-4032)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-financial-transaction-manager-for-ach-services-is-affected-by-a-potential-sql-injection-vulnerability-cve-2019-4032/


IBM Security Bulletin: Multiple Cross-Site Scripting Vulnerabilities Affect IBM Sterling B2B Integrator (CVE-2019-4027, CVE-2019-4028, CVE-2019-4029)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-cross-site-scripting-vulnerabilities-affect-ibm-sterling-b2b-integrator-cve-2019-4027-cve-2019-4028-cve-2019-4029/


IBM Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - Node.js

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-affect-ibm-cloud-private-node-js/


IBM Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Affect IBM Sterling B2B Integrator (CVE-2018-0734, CVE-2018-5407)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-security-vulnerabilities-in-openssl-affect-ibm-sterling-b2b-integrator-cve-2018-0734-cve-2018-5407/


IBM Security Bulletin: IBM InfoSphere Governance Catalog is affected by an Improper Access Control vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-governance-catalog-is-affected-by-an-improper-access-control-vulnerability/


IBM Security Bulletin: IBM InfoSphere Governance Catalog is vulnerable to an Open Redirection vulnerability

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-infosphere-governance-catalog-is-vulnerable-to-an-open-redirection-vulnerability/


IBM Security Bulletin: IBM Security Identity Adapters affected by OpenSSL RSA Key vulnerability (CVE-2018-0737)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-security-identity-adapters-affected-by-openssl-rsa-key-vulnerability-cve-2018-0737/


IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM Java SDK

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-multiple-security-vulnerabilities-for-ibm-java-sdk/


IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities for IBM WebSphere Liberty Server

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-has-announced-a-release-for-ibm-security-identity-governance-and-intelligence-in-response-to-multiple-security-vulnerabilities-for-ibm-websphere-liberty-server/